- Part I – Common provisions
- Chapter 1 – Scope and definitions
- Chapter 2 – Legal basis for processing personal data
- Chapter 3 – Data protection officers of public bodies
- Chapter 4 – Federal Commissioner for Data Protection and Freedom of Information
- Chapter 5 – Representation on the European Data Protection Board, single contact point, cooperation among the federal supervisory authorities and those of the Länder concerning European Union matters
- Chapter 6 – Legal remedies
- Part 2 – Implementing provisions for processing for purposes in accordance with Article 2 of Regulation (EU) 2016/679
- Chapter 1 – Legal basis for processing personal data
- Sub-chapter 1 – Processing of special categories of personal data and processing for other purposes
- Sub-chapter 2 – Special processing situations
- Section 26 Data processing for employment-related purposes
- Section 27 Data processing for purposes of scientific or historical research and for statistical purposes
- Section 28 Data processing for archiving purposes in the public interest
- Section 29 Rights of the data subject and powers of the supervisory authorities in the case of secrecy obligations
- Section 30 Consumer loans
- Section 31 Protection of commercial transactions in the case of scoring and credit reports
- Chapter 2 – Rights of the data subject
- Section 32 Information to be provided where personal data are collected from the data subject
- Section 33 Information to be provided where personal data have not been obtained from the data subject
- Section 34 Right of access by the data subject
- Section 35 Right to erasure
- Section 36 Right to object
- Section 37 Automated individual decision-making, including profiling
- Chapter 3 – Obligations of controllers and processors
- Chapter 4 -Supervisory authorities for data processing by private bodies
- Chapter 5 – Penalties
- Chapter 6 – Legal remedies
- Chapter 1 – Legal basis for processing personal data
- Part 3 – Implementing provisions for processing for purposes in accordance with Article 1 (1) of Directive (EU) 2016/680
- Chapter 1 – Scope, definitions and general principles for processing personal data
- Chapter 2 – Legal basis for processing personal data
- Section 48 Processing of special categories of personal data
- Section 49 Processing for other purposes
- Section 50 Processing for archiving, scientific and statistical purposes
- Section 51 Consent
- Section 52 Processing on instructions from the controller
- Section 53 Confidentiality
- Section 54 Automated individual decision
- Chapter 3 – Rights of the data subject
- Section 55 General information on data processing
- Section 56 Notification of data subjects
- Section 57 Right of access
- Section 58 Right to rectification and erasure and to restriction of processing
- Section 59 Modalities for exercising the rights of the data subject
- Section 60 Right to lodge a complaint with the Federal Commissioner
- Section 61 Legal remedies against decisions of the Federal Commissioner or if he or she fails to take action
- Chapter 4 – Obligations of controllers and processors
- Section 62 Processing carried out on behalf of a controller
- Section 63 Joint controllers
- Section 64 Requirements for the security of data processing
- Section 65 Notifying the Federal Commissioner of a personal data breach
- Section 66 Notifying data subjects affected by a personal data breach
- Section 67 Conducting a data protection impact assessment
- Section 68 Cooperation with the Federal Commissioner
- Section 69 Prior consultation of the Federal Commissioner
- Section 70 Records of processing activities
- Section 71 Data protection by design and by default
- Section 72 Distinction between different categories of data subjects
- Section 73 Distinction between facts and personal assessments
- Section 74 Procedures for data transfers
- Section 75 Rectification and erasure of personal data and restriction of processing
- Section 76 Logging
- Section 77 Confidential reporting of violations
- Chapter 5 – Transfers of data to third countries and to international organizations
- Chapter 6 – Cooperation among supervisory authorities
- Chapter 7 – Liability and penalties
- Part 4 – Special provisions for processing in the context of activities outside the scope of Regulation (EU) 2016/679 and Directive (EU) 2016/680
